How can I create an isolated internal network for only the VMs with internet access with an internal DHCP using the same IP as the router?

Darkbotic

Jul 10, 2024
Hello there!

Thank you for reading my message.

The IP of my router is 10.0.0.1 and the available IPs that the router DHCP leases are 10.0.0.1 through 10.0.0.254. Let's call this the MAIN network.
The Proxmox server has an IP on the MAIN network: 10.0.0.25.
My PC has this IP: 10.0.0.30
My laptop has this IP: 10.0.0.40

Inside Proxmox I have VM 100 and VM 101.
I want to create a network (let's call it ICE) where VM 100 and 101 can talk to each other (within the ICE network) but I don't want them to be able to see the MAIN network.
I also want the VMs to be able to access the internet.

Here's the catch:

1) The IP for the DHCP server of the ICE network must be 10.0.0.1
2) The IP for VM 100 must be 10.0.0.30
3) The IP for VM 101 must be 10.0.0.40

Since the ICE network will be isolated from the MAIN network, there shouldn't be any conflict.
How can I do that?

I tried a Simple SDN with a VNet but if I disable SNAT, there's no internet in the ICE network.
If I enable SNAT, they have internet but the ICE network has a conflict with the IPs on the MAIN network because my PC and laptop are already using them.

How can I do this?

Thanks in advance!
 
A router can only "translate" between different IP ranges, so having the completely same setup inside and outside will be tricky.
The options that I see are the following:
  • If you can get a second WAN IP from your ISP, the easiest would be to just install a router VM (OPNsense, pfSense, other) on Proxmox and connect Proxmox directly to the modem on a second port.
  • If that is not possible, the other option would be double NAT:
    Have 2 router VMs on Proxmox, one with a LAN of 10.0.0.1/24, which is connected to a bridge with your 2 other VMs on it, and a WAN of 10.10.10.2/24. Then on the second router VM have a "LAN" of 10.10.10.1/24, connected to the WAN of router 1, and a WAN of 10.0.0.254/24 (or something like that) that connects to your local network and internet router.
    • It won't be pretty, and it will add some delay, but I do not see a reason why it wouldn't work.
Bonus option 3: If we loosen the constraints a little to "MAIN devices and VM ICE devices need to be on the same IP, assigned through DHCP, and reach the internet", one trick you could also do is:
  • Assign the IPs 252 and 253 in the MAIN router to PC and laptop in the DHCP server through a reservation (and maybe reserve 254 as "don't use").
  • Set up a router VM with WAN 10.0.0.2/24 and LAN 10.0.0.254/29 connected to the VMs.
  • In the router VM still set up the reservation for the VMs on 252 and 253 again, but the router that they get through DHCP would be automatically set to 254. Because of the differences in ranges, the router should still be able to route between the two and only need 1 extra VM.
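
The double-NAT address plan from the reply above can be checked before any router VM is built. This is an added example, not code from the thread or from Proxmox: the function name `check_chain`, the plan names, and the modelling of the Simple SDN/SNAT attempt as the Proxmox host routing between 10.0.0.25/24 and 10.0.0.1/24 are assumptions.

```python
import ipaddress

# Addresses stated in the thread for the MAIN network.
MAIN_NET = "10.0.0.0/24"
MAIN_HOSTS = {"router": "10.0.0.1", "proxmox": "10.0.0.25",
              "pc": "10.0.0.30", "laptop": "10.0.0.40"}

# Each plan lists (name, WAN, LAN) from the VM-facing router outwards.
# Assumption: the SNAT attempt is modelled as the Proxmox host doing the NAT.
SNAT_ATTEMPT = [("proxmox", "10.0.0.25/24", "10.0.0.1/24")]
DOUBLE_NAT = [("router1", "10.10.10.2/24", "10.0.0.1/24"),
              ("router2", "10.0.0.254/24", "10.10.10.1/24")]

def check_chain(routers, upstream_net=MAIN_NET, upstream_hosts=MAIN_HOSTS):
    """Return a list of problems in a chain of NAT routers; empty means consistent."""
    hops = [(n, ipaddress.ip_interface(w), ipaddress.ip_interface(l))
            for n, w, l in routers]
    problems = []
    for name, wan, lan in hops:
        # A router picks the outgoing side by prefix, so its two sides must differ.
        if wan.network.overlaps(lan.network):
            problems.append(f"{name}: WAN {wan.network} overlaps LAN {lan.network}")
    for (inner, wan, _), (outer, _, lan) in zip(hops, hops[1:]):
        # The inner router's WAN sits on the next router's LAN segment.
        if wan.network != lan.network:
            problems.append(f"{inner}->{outer}: transit {wan.network} != {lan.network}")
        elif wan.ip == lan.ip:
            problems.append(f"{inner}->{outer}: duplicate transit address {wan.ip}")
    name, wan, _ = hops[-1]
    if wan.ip not in ipaddress.ip_network(upstream_net):
        problems.append(f"{name}: WAN {wan.ip} is outside {upstream_net}")
    for host, addr in upstream_hosts.items():
        # The outermost WAN must not reuse an address of another MAIN host.
        if host != name and wan.ip == ipaddress.ip_address(addr):
            problems.append(f"{name}: WAN {wan.ip} is already used by {host}")
    return problems

if __name__ == "__main__":
    for label, plan in (("SNAT attempt", SNAT_ATTEMPT), ("double NAT", DOUBLE_NAT)):
        print(label, "->", check_chain(plan) or "consistent")
```

The single-router plan fails because both sides of the NAT are 10.0.0.0/24, while the two-router plan passes because the 10.10.10.0/24 transit segment separates the two copies of 10.0.0.0/24.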
 
Wow, I can't believe it can't be done with the SDN option found in Proxmox. I thought that was the whole point of that option and that Proxmox would share the internet access without the need of having the MAIN router knowing there was another network inside Proxmox because it would only see traffic coming through the IP assigned to Proxmox 10.0.0.25 (basically making Proxmox the WAN for the internal ICE network) and since the internal network would be isolated it wasn't going to have any conflict.
 
I think the question is why are you trying to get a setup with these constraints?

For example, why must vm100 have exactly the same IP as your main PC?
 
"Wow, I can't believe it can't be done with the SDN option found in Proxmox."
Not saying that it can't be done through other means, maybe even SDN can do it but I haven't messed around with it enough.
Like bobmc said though, it is a strange set of constraints, and a strange set of constraints will also often require a strange (set of) solution(s).
 
